PatchSiren cyber security CVE debrief
CVE-2026-44160 fluent CVE debrief
CVE-2026-44160 is a denial of service vulnerability in Fluentd's in_http and in_forward plugins. Prior to version 1.19.3, these plugins support gzip-compressed data but only enforce limits on compressed payloads. This allows crafted compressed payloads to decompress in memory to an excessive size, causing denial of service through memory exhaustion. The issue is fixed in version 1.19.3. Affected users should be aware of the potential for memory exhaustion and take steps to mitigate this vulnerability, especially when handling large volumes of compressed data. This vulnerability has a high impact on systems handling large volumes of compressed data and requires immediate attention from administrators and security teams.
- Vendor
- fluent
- Product
- fluentd
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-10
Who should care
Users of Fluentd's in_http and in_forward plugins, especially those handling large volumes of compressed data, should be aware of this vulnerability and take steps to mitigate it. This includes administrators of Fluentd instances, security teams monitoring for potential exploits, and developers integrating Fluentd into their applications.
Technical summary
Fluentd's in_http and in_forward plugins prior to version 1.19.3 do not properly enforce memory limits on decompressed data. This allows attackers to craft gzip-compressed payloads that, when decompressed, consume excessive memory, leading to a denial of service. The vulnerability is addressed in Fluentd version 1.19.3. Affected users should be aware of the potential for memory exhaustion and take steps to mitigate this vulnerability, especially when handling large volumes of compressed data.
Defensive priority
High
Recommended defensive actions
- Upgrade to Fluentd version 1.19.3 or later
- Limit the size of compressed data handled by in_http and in_forward plugins
- Monitor memory usage of Fluentd instances
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-08T22:17:14.600Z and was last modified on 2026-07-10T17:49:57.737Z. The NVD entry is currently Undergoing Analysis. This information is based on the provided source corpus and may be subject to change as more information becomes available. Users should verify the status of CVE-2026-44160 with the official CVE and NVD sources for the most up-to-date information.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T22:17:14.600Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.